What we collect
When you buy a licence or create an account we process your name, billing address, email, VAT ID (B2B), and payment metadata. We do not store full card numbers — those are tokenised by our payment processors (Stripe, Klarna, PayPal, Adyen).
We also collect device and session data needed to deliver the service (IP, user agent, referrer, pages viewed) and, with your consent, analytics events that help us measure product performance.
Why we use it
- Deliver and activate your software licences.
- Issue EU-compliant invoices and retain them for bookkeeping.
- Prevent fraud and chargebacks.
- Provide customer support and respond to refund requests.
- Improve the product, only with your consent for analytics / marketing.
Legal basis (GDPR Art. 6)
- Contract performance — purchase, delivery, refund flows.
- Legal obligation — invoicing, tax and consumer-protection records.
- Legitimate interest — fraud prevention, infrastructure security.
- Consent — analytics, marketing emails, personalised recommendations.
Data retention
Order and invoice records are kept for the statutory period required by EU accounting law (up to 10 years). Support tickets are kept for 24 months. Consent-based analytics events are kept for 14 months. You can request earlier deletion whenever legal retention allows.
Your rights
You can exercise any GDPR right — access, rectification, erasure, restriction, portability, objection — by emailing [email protected]. We respond within 30 days. You can also lodge a complaint with your local supervisory authority.
Processors
We share necessary data with: Stripe & Adyen (payments), SendGrid & Postmark (transactional email), Supabase (hosted database), Cloudflare (edge delivery), PostHog (privacy-consented analytics). Each processor is under a GDPR Art. 28 Data Processing Agreement.
Contact
Controller: Digital Soft Distribution Sp. z o.o., ul. Hoża 86/410, 00-682 Warszawa, Poland. Email [email protected] for any privacy question or request.